LogRhythm rolls out latest version of security platform

LogRhythm 7 is being rolled out around the world, with upgrades to search, scalability, performance and security features.

The company says version 7 of the security intelligence and analytics platform provides the visibility, automation and incident response orchestration capabilities required by the next-generation security operations centre (SOC).

The platform collects information from thousands of disparate data sources, then analyses and prioritises the data and events. The resulting information is then available to SOC personnel, says LogRhythm.

In its 2015 Global Cost of Data Breach Study, the Ponemon Institute cited a continual rise in cyber attack frequency and the costs associated with resolving cyber incidents.

As such, IT teams are increasingly required to improve their visibility and analytics capabilities to detect intruders and respond faster, in order to avoid a material breach or high-impact cyber incident.

“The sophistication and resolve of today’s cyber adversaries continue to rise, as does the number of successful intrusions,” says Chris Petersen, LogRhythm senior vice president of products, CTO and co-founder.

He says LogRhythm focuses on enabling IT security teams to detect, respond to and neutralise cyber intruders, so that an intrusion does not have to lead to a major breach or incident.

Key updates and features in LogRhythm 7 include:

Elasticsearch-based indexing

The introduction of Elasticsearch enables full-text search across unstructured data. Combined with LogRhythm’s contextual search, this lets users investigate data faster, the company says.

LogRhythm cites up to a 300% improvement in per-node data indexing performance; the ability to scale data processing and indexing separately and independently; active/active high-availability data processing and indexing; and the introduction of Elasticsearch, with clustering, at the indexing tier.

With these combined improvements, LogRhythm 7 supports large data management workloads with fewer compute and storage resources, while delivering high availability, the company says.

Next-generation SOC

LogRhythm 7 aims to make SOC personnel and management more efficient and better informed across monitoring, investigation and incident response workflows.

Taken together, the improvements to the platform help organisations improve the operational effectiveness of existing staff, while reducing mean time to detect (MTTD) and mean time to respond (MTTR) to threats, LogRhythm says.

Extensions to the SmartResponse Automation Framework allow multiple pre-staged actions to be triggered from a single alarm, and allow actions to be managed centrally across remote locations.

These extensions also let customers automate common investigative and remediation actions at the endpoint, such as scanning an attacked endpoint and/or quarantining it from the network.

“LogRhythm optimises enterprise security monitoring, detection and response programmes by delivering an integrated product line that supports the end-to-end detection and response workflow.

“With LogRhythm 7, the company is once again demonstrating its innovation leadership in security intelligence through its use of Elasticsearch, powerful visualisations via its new real-time threat map and with a number of extensions to its automated response framework,” he says.